Vuln Dev Mode:
(Page 7 of 75)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >
Re: Re: Linux restricted ASCII Shellcode 2007-04-22
nonexistant nospam org (2 replies)
Yes I'm having a seg-fault, but I can't catch you...

AFAIK when EIP is pointing somewhere in the NOP sled, no matter how the shellcode is aligned... Alignment has nothing to do here...?¿? I'm wrong?

More over, I've tryed more than 5 different ASCII shellcodes all with the same result... Always se

[ more ]  [ reply ]
Re: Linux restricted ASCII Shellcode 2007-04-23
shadown (shadown gmail com) (1 replies)
Re: Linux restricted ASCII Shellcode 2007-04-23
shadown (shadown gmail com)
Re: Re: Linux restricted ASCII Shellcode 2007-04-23
Deian Stefan (deianstefan gmail com)
Yet another SQL injection framework 2007-04-19
Guillermo Marro (gmmarro flowgate net) (1 replies)
Hi List,

FG-Injector is a free tool that leverages the pentester's work by
facilitating the exploitation of SQL Injection vulnerabilities.

It includes a a powerful proxy feature for intercepting and modifying
HTTP requests, a network spy module to allow the analyst view HTTP
requests and their cor

[ more ]  [ reply ]
Re: Yet another SQL injection framework (file corruption) 2007-04-20
Guillermo Marro (gmmarro flowgate net)
Re: Re: Linux restricted ASCII Shellcode 2007-04-19
nonexistant nospam org (2 replies)
I'm exploiting the stack overflow inserting the shellcode in a environment variable:

export SHELLCODE=`perl -e 'print "\x90"x20000'``perl -e 'print "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf
3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xf
f\xff\x

[ more ]  [ reply ]
Re: Re: Linux restricted ASCII Shellcode 2007-04-23
RaiSe (raise enye-sec org)
Re: Linux restricted ASCII Shellcode 2007-04-21
Deian Stefan (deianstefan gmail com)
SyScan'07 Call for Papers - End 30th April 2007 2007-04-19
organiser (at) syscan (dot) org [email concealed] (organiser syscan org)
To all potential speakers of SyScan'07:

If you would like to enjoy the following privileges, please send in your
submission by 30th April 2007:

1. A free trip to the beautiful and sunny Singapore.
2. S$500 cash for pocket expenses.
3. A very healthy dosage of alcohol.
4. The Best Conference Party

[ more ]  [ reply ]
CfP Hack.lu 2007 2007-04-19
info (info hack lu)
============================

Call for Papers Hack.lu 2007

============================

The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implication of new technologies
in society.
hack.lu is a balanced mix convention where technical and non

[ more ]  [ reply ]
Linux restricted ASCII Shellcode 2007-04-15
notexist nospam com (1 replies)
Hi all,

I'm testing a simple stack overflow on an application with different filters. I'm exploiting it from the shell via Perl. Different exploit techniques with normal shellcode works perfectly. The problem arises when I try "through" the filter.
I need an ASCII Shellcode.The allowed "A-Z,a-z,0-

[ more ]  [ reply ]
Re: Linux restricted ASCII Shellcode 2007-04-16
Jerome Athias (jerome athias free fr) (1 replies)
Re: Linux restricted ASCII Shellcode 2007-04-16
nnp (version5 gmail com)
Re: Re: .Net Debug 2007-04-06
libx reteam org
Use Dile its a .NET byte code debugger
dile.sourceforge.net

Regards,
LibX

[ more ]  [ reply ]
[CFP] VNSECON 07 - Call for Papers / HCMC - August 03-04, 2007 2007-04-02
rd (rd vnsecurity net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

``
~ @@ ==VNSECURITY==

CALL FOR PAPERS

|=---------------------=[ VNSECON 2007 ]=----------------------=|
|=-------------------------------------------------------------=|
|=-------------------=[ August 3-4,

[ more ]  [ reply ]
Re: buffer overflow - basic help needed (aleph1) 2007-04-02
warl0ck metaeye org
The problem is due to the fact that it has been a
long time since aleph1 wrote that and a lot
of changes and optimizations have come in compilers
and linkers, still it can be done.

first of all lets locate where exactly is the
saved eip.

lets build the program with debugging symbols
to make things

[ more ]  [ reply ]
Metasploit Framework 3.0 RELEASED! 2007-03-27
H D Moore (sflist digitaloffense net)
March 27th, 2007 -- Metasploit is pleased to announce the immediate,
free availability of the Metasploit Framework version 3.0 from
http://framework.metasploit.com/.

The Metasploit Framework ("Metasploit") is a development platform for
creating security tools and exploits. Version 3.0 contains 177

[ more ]  [ reply ]
TOOL: LLTD implementation in Perl 2007-03-16
GomoR (vd gomor org)
Hello list,

I just released a LLTD (Link Layer Topology Discovery Protocol)
implementation written in Perl (using Net::Frame framewwork).

Also, the OSPF implementation used to write the OSPF Attack
Shell has also been released (see www.gomor.org).

You may use this two modules to write fuzzers,

[ more ]  [ reply ]
ARCserve msgeng.exe buffer overflow exploit (win2k SP4) 2007-03-16
WINNY THOMAS (winnymthomas yahoo com)
Hi,
I have attached an exploit for CA ARCserve
msgeng.exe buffer overflow exploit as described in
LS-20060330.pdf. This was tested on windows 2000
server SP4 in a vmware environment.

Cheers,

________________________________________________________________________
____________
Looking for ear

[ more ]  [ reply ]
MS07-012 Not Fixed 2007-03-16
Greg Sinclair (gssincla nnlsoftware com)
*The MS07-012 patch that came out on Black Tuesday in Feb 2007 is not a
complete solution to the problem.*

Title: MFC42u.dll Off-by-Two Overflow
Date: 15 March 2007
Affected: Windows 2000, XP, 2003 (those that were affected by the MS07-012
patch)
Reported by: Greg Sinclair (gssincla...nnlsoftware.

[ more ]  [ reply ]
newline injection in multipart/form-data 2007-03-15
Michal Zalewski (lcamtuf dione ids pl)
There's a funny but alone not very useful vulnerability in how browsers
handle names of multipart/form-data input fields. This affects MSIE and
Firefox, maybe others. You can use Javascript to set 'name' parameter of a
form field to a value that contains double quotes, newline characters,
etc, and t

[ more ]  [ reply ]
A common bug in comment preview that leads to an XSS attack 2007-03-15
Daniel Martin (martin snowplow org)
Recently, I have noticed that many blogs or other fora that allow
user-posted comments suffer from a common bug with regards to comment
preview, such that the comment previewing feature can be exploited
with an XSS type 1 attack.

To test if your favorite blog is vulnerable in this fashion, enter
th

[ more ]  [ reply ]
buffer overflow - basic help needed (aleph1) 2007-03-14
learn lids (learnlids yahoo com)
hi list,

i am learning bof, and am confused with how to move
ahead, any pointers would be great. sorry if the
question is too basic, i am a learner...

1> my system:: fedora core 6, { Kernel
2.6.18-1.2798.fc6 on an x86_64 }
2> program used - example3.c from aleph1's smashing
the stack
------example

[ more ]  [ reply ]
Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007 2007-03-12
Paul Böhm (paul boehm org)
DeepSec In-Depth Security Conference 2007 Europe - Nov 20-23 2007 -
Vienna, Austria
http://deepsec.net/

Call for Papers

In light of Austria's active security scene we are pleased to announce
the first annual European DeepSec In-Depth Security Conference[1], to
be held from November 20th to 23rd 20

[ more ]  [ reply ]
Re: vd_proftpd.pm Metasploit module for ProFTPD stack overflow 2007-03-09
duhastengel hotmail com
I have tried to exploit ProFTPD but the Metasplot module didn't work for me...-
so, I read part of the source and debug it...-.-
And when I smash the stack, putting a value in eip register,I put a \x00 in a pool variable tha is a argument to a function later...-so i have a segment fault, end never

[ more ]  [ reply ]
SyScan'07 - Call for Paper - NEW UPDATES 2007-03-09
organiser (at) syscan (dot) org [email concealed] (organiser syscan org)
dear all

here are some updates to the SyScan'07 call for paper:

1. new topic.
The following topics will be included:
a. Web 2.0 - web services, PHP, .Net, web applications

2. Speakers' Privileges.
a. Speakers at SyScan'07 with a brand new presentation will receive
S$500 cash.
b. Selected speaker

[ more ]  [ reply ]
MS07-016 FTP Response DOS PoC 2007-03-09
Mathew Rowley (mathew rowley gmail com)
Anything more to say?

#!/usr/bin/perl

# MS 07-016 FTP Server Response PoC
# Usage: ./ms07016ftp.pl [LISTEN_IP]
#
# Tested Against: MSIE 6.02900.2180 (SP2)
#
# Details: The response is broken into buffers, either at length 1024,
# or at '\r\n'. Each buffer is apended with \x00, without
#

[ more ]  [ reply ]
Black Hat USA CFP Now Open! 2007-03-08
The Dark Tangent (dtangent defcon org)
Hello Vuln Dev,

I wanted to make some quick Black Hat related announcements.

The Call For Papers for Black Hat USA is now open.
This is the main event, and this year we have even more space, we have expanded from 9 tracks to 11, and we will be introducing Break Out sessions and the Deep Knowledge

[ more ]  [ reply ]
Call for Participation Chaos Communication Camp 2007 2007-03-06
fukami (fukami berlin ccc de)
Chaos Communication Camp 2007
The International Hacker Open Air Gathering
"In Fairy Dust We Trust!"
August, 8th to 12th, 2007
Airport Museum Finowfurt (Finow Airport) near Berlin, Germany

http://events.ccc.de/camp/2007/

=== Overview ===

We ask you to participate in the third Chaos Communication

[ more ]  [ reply ]
(Page 7 of 75)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus